sources: add optional "source-checksum" property

[pachulo]

Features

• Solution for LP: #1585913 bug based on work done by @tsimonq2 in PR Add source-checksum option #619 but with support only for checksums specified in the snapcraft.yml file.
• The code adds the optional property "source-checksum" to check the integrity of the source files (tar, zip, deb or rpm).
• The format of the property is <algorithm>/<digest>. For example:
  • sha256/de2fb61252548af3c87c4aab17e82601691d19e37fd3d29ea6288e56
• Currently, the supported algorithms are: md5, sha1, sha224, sha256, sha384, sha512, sha3_256, sha3_384 & sha3_512
• The sha3 support comes from pysha3 in systems where python version < 3.6.
• The size of sha2 digests is automatically detected, supporting the following bit sizes:
  • 224
  • 256
  • 384
  • 512

Failsafes

• It has the following failsafes to ensure the code always works as intended:
  • Special exception for a checksum that doesn't match
  • Raises an exception for a checksum that is invalid, or incompatible with the checksums supported

Testing coverage

• I have the following testing in place:
  • Integration tests:
    • Testing of each supported algorithm in raw form with a created file (tar) that has a static checksum in the snapcraft.yaml file.
    • A single test in simple-zip.
    • Tests deb-with-checksum and rpm-with-checksum created.
  • Unit tests:
    • Testing for sources that don't allow digest.
    • Testing for sources that allow digest and where the digest:
      • is correct
      • is wrong
      • uses an invalid algorithm

[sergiusens]

Thanks for your contribution. The timing is a bit unfortunate in that we just finished refactoring that source package. It is unfortunate to not have sha3 in our current version of python which we might just be sticking with for a while. For this reason one of our colleagues is SRUing pysha3 into xenial. Maybe @squidsoup can give us an update on that.

[squidsoup]

pysha3 is currently in the proposed queue for zesty (https://launchpad.net/ubuntu/zesty/+queue?queue_state=0&queue_text=pysha3), after which it will be SRU'd to xenial. Unfortunately I can't provide any timeframes at the moment.

[tsimonq2]

I would be interested to see what this looks like once the conflicts are resolved.

Thanks for finishing that up, and sorry for going MIA!

[pachulo]

So what should I do @sergiusens ? Rebase the PR so it can be merged?
Can we go on without the SHA3 support for now and add it when the library is available in the repos?
I think that this feature is a good one to have in snapcraft as soon as possible.

Thanks a lot to you @tsimonq2 !

[kyrofa]

So what should I do @sergiusens ? Rebase the PR so it can be merged?

I'd say yes.

Can we go on without the SHA3 support for now and add it when the library is available in the repos?

I'd also say yes to this.

[pachulo]

@sergiusens @kyrofa rebase done!

Additionally I:

• Tried to put everything in it's place: the new error handle, the function that verifies the checksum, etc.
• Deleted the code to support sha3 digests (instead of leaving it commented): once the library is added to the repos, it should be a breeze to add it.

Waiting for your comments!

[kyrofa]

Thanks @pachulo! I have a few suggestions, but I like where this is heading.

[kyrofa]

Not sha3 right now, correct?

[pachulo]

Yes indeed!

[kyrofa]

I'm not an enormous fan of relying on the length to tell us what hash we think it is (a lot of magic numbers), and I don't think it's particularly helpful to our users. I say we just calculate the hash using the digest they told us to use and compare, simple as that. Something like this:

def verify_checksum(source_checksum, checkfile):
    try:
        digest, checksum = source_checksum.split('/', 1)
    catch ValueError:
        raise ValueError('invalid checksum format: {!r}'.format(source_checksum))

    with open(checkfile, 'rb') as f:
        # This will raise a ValueError if digest is unsupported
        checksum = hashlib.new(digest, f.read())

    digest = checksum.hexdigest()
    if digest != source_checksum_digest:
        # Make sure this exception has a good error message, printing both digests.
        raise errors.ChecksumDoesNotMatchError(digest, source_checksum_digest)

It also immediately expands the number of hashing algorithms we support.

[kyrofa]

Also, is this intended to be a method on FileBase? It shouldn't be, and, well, it's not (no self), but then it's used as if it is. It should probably be in sources/__init__.py.

[pachulo]

No, I didn't really know where to put it, so I put it in FileBase, but it makes much more sense in sources/__init__.py
Moved and modified the implementation to one similar to your example.

[kyrofa]

Is there a reason why source_checksum is added at the beginning of named arguments instead of the end, where it'd cause a smaller diff?

[pachulo]

not really, modified!

[kyrofa]

This would do more for you if it accepted an expected and actual digest and printed a decent formatted message on its own.

[pachulo]

Yeah, it makes a lot of sense to do it in the the error init. Modified.

[codecov-io]

Codecov Report

❗ No coverage uploaded for pull request base (master@2426177). Click here to learn what that means.
The diff coverage is 89.13%.

@@            Coverage Diff            @@
##             master     #980   +/-   ##
=========================================
  Coverage          ?   96.35%           
=========================================
  Files             ?      195           
  Lines             ?    17903           
  Branches          ?     1379           
=========================================
  Hits              ?    17250           
  Misses            ?      441           
  Partials          ?      212

Impacted Files	Coverage Δ
snapcraft/tests/init.py	90.74% <ø> (ø)
snapcraft/internal/pluginhandler/init.py	92.12% <ø> (ø)
snapcraft/internal/sources/_subversion.py	100% <100%> (ø)
snapcraft/internal/sources/_base.py	100% <100%> (ø)
snapcraft/internal/sources/_bazaar.py	100% <100%> (ø)
snapcraft/tests/sources/test_git.py	100% <100%> (ø)
snapcraft/tests/sources/test_subversion.py	100% <100%> (ø)
snapcraft/internal/sources/_mercurial.py	100% <100%> (ø)
snapcraft/internal/sources/errors.py	100% <100%> (ø)
snapcraft/tests/sources/test_mercurial.py	100% <100%> (ø)
... and 8 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 2426177...fbf2812. Read the comment docs.

[kyrofa]

Indentation is a little weird through here.

[pachulo]

Modified!

[kyrofa]

The SnapcraftError class is a little smarter than that:

class DigestDoesNotMatchError(errors.SnapcraftError):
    fmt = 'Expected the digest for source to be {expected}, but it was {calculated}'

    def __init__(self, expected, calculated):
        super().__init__(expected=expected, calculated=calculated)

[pachulo]

Didn't really know how to do it...thanks for the tip!

[tsimonq2]

I remember writing special exceptions, didn't know we got a new error interface since I initially wrote this, cool!

[kyrofa]

Alright I'm happy with this, thanks @pachulo!

[come-maiz]

Thanks a lot for your contribution!
I've left some minor comments. The big issue here is that there are no unit tests.
It needs unit tests for sources that don't allow digest, for sources that allow digest and the digest is right and wrong.

I can guide you with the tests, if you need a hand.

[come-maiz]

please use dump instead of copy

[pachulo]

Done!

[come-maiz]

please use dump instead of tar-content

[pachulo]

Done!

[come-maiz]

tiny detail, it's more readable like:
"can't specify a source ..."
It's the only exception where we like double quotes. I know the lines above are not following it, we can fix them later.

[pachulo]

OK!

[come-maiz]

no need for the \ in there. You can just continue strings in the following line.

[pachulo]

OK!

[pachulo]

Modified with the commented stuff, but I will definitely need guidance with those unit tests @ElOpio !

[pachulo]

@ElOpio I added the unit tests for the sources that don't allow digests, but I would need help to create the ones for the sources that do admit them: Can you give me an example?

[sergiusens]

thanks @pachulo I triggered the cla test to rerun. There are however, some conflicts to be taken care of.

[come-maiz]

This is looking very good @pachulo.
One small detail, please check that all the files you touched have 2017 in the copyright date at the top.

In order to test the integration for invalid checksums, you could copy checksum-algorithms to checksum-algorithms-invalid, and change one character on each checksum.

Then on test_checksum_algorithms you can use test scenarios to run snapcraft pull {part-name} for each part, and use assertRaises to check that they all fail.

I'm in rocket.ubuntu.com if you need a hand.

[come-maiz]

please update the copyright year.

[pachulo]

Good night! I think that now everything is in it's place! I'm waiting for your comments (or even approval)!

[come-maiz]

looks very good to me. I just left a few more comments. Thanks!

[come-maiz]

This would look better as scenarios, don't you think?

[pachulo]

I don't really know how scenarios look like, but I guess that you are right. Any hint or example to follow?

[come-maiz]

grep for scenarios in the tests directories. You'll find plenty. You need to move this test to it's own test class, and put the parts names in the scenarios list.

Something like:

scenarios = [(part, {'part': part}) for part in ['checksum-md5', 'checksum-sha1', ...]]

Then, during the test will be copied for every part, and self.part will have the value.

[come-maiz]

you could add deb-with-checksum and rpm-with-checksum as scenarios here.

[come-maiz]

why is this here? What happens on 3.6?

[pachulo]

I took the example from PR#940 snapcraft/file_utils.py: In python 3.6 sha3 support is upstreamed in hashlib.

[come-maiz]

got it. Please leave that as a comment in the code.

[come-maiz]

on this one, there's no need to make a zip file, right?
The error should happen before verify_checksum tries to open the file, so you can just pass a string like 'dummy.zip', and you test the same code path faster.

[pachulo]

Yes, we need to make a file. That was my first attempt, but I found out that the error happens after verify_checksum opens the file.

[come-maiz]

And does it need to be a valid zip file, or any file will do?

I see that this is not your code, this is the library following the python rule of ask forgiveness, not permission, so it's ok.

[come-maiz]

grep for scenarios in the tests directories. You'll find plenty. You need to move this test to it's own test class, and put the parts names in the scenarios list.

Something like:

scenarios = [(part, {'part': part}) for part in ['checksum-md5', 'checksum-sha1', ...]]

Then, during the test will be copied for every part, and self.part will have the value.

[come-maiz]

I have nothing else to add here. Thanks @pachulo!
I will trigger the autopkgtests.

[tsimonq2]

\o/

[kyrofa]

Note that the CLA check is timing out (there are too many commits, haha). I think we can ignore it at this point. I'm going to update the branch and trigger the autopkgtests.